search

apache / gravitino

World's most powerful open data catalog for building a high-performance, geo-distributed and federated metadata lake.
https://gravitino.apache.org
Apache License 2.0
923 stars 296 forks source link

[Subtask] Update LICENSE and notice for web UI #942

Closed justinmclean closed 9 months ago

justinmclean commented 9 months ago

We need to update the LICENSE and NOTICE files. To do that, we need a list of all software that ends up in the distribution, their license text, and if they are Apache licensed if they have a NOTICE file and it contents.

justinmclean commented 9 months ago

@ch3yne Can you confirm if NONE_ENV=production yarn list or license-checker --production gives a valid list of software for production?

ch3yne commented 9 months ago

In the list checked with license-checker --production, here are the top-level ones actually used in the web directory.

├─ @emotion/cache │ ├─ licenses: MIT │ ├─ repository: https://github.com/emotion-js/emotion/tree/main/packages/cache │ ├─ path: gravitino/web/node_modules/@emotion/cache │ └─ licenseFile: gravitino/web/node_modules/@emotion/cache/LICENSE

├─ @emotion/react │ ├─ licenses: MIT │ ├─ repository: https://github.com/emotion-js/emotion/tree/main/packages/react │ ├─ publisher: Emotion Contributors │ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/react │ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/react/LICENSE

├─ @hookform/resolvers │ ├─ licenses: MIT │ ├─ repository: https://github.com/react-hook-form/resolvers │ ├─ publisher: bluebill1049 │ ├─ email: bluebill1049@hotmail.com │ ├─ path: gravitino/web/node_modules/@hookform/resolvers │ └─ licenseFile: gravitino/web/node_modules/@hookform/resolvers/LICENSE

├─ @mui/lab │ ├─ licenses: MIT │ ├─ repository: https://github.com/mui/material-ui │ ├─ publisher: MUI Team │ ├─ path: gravitino/web/node_modules/@mui/lab │ └─ licenseFile: gravitino/web/node_modules/@mui/lab/LICENSE

├─ @mui/material │ ├─ licenses: MIT │ ├─ repository: https://github.com/mui/material-ui │ ├─ publisher: MUI Team │ ├─ path: gravitino/web/node_modules/@mui/material │ └─ licenseFile: gravitino/web/node_modules/@mui/material/LICENSE

├─ @mui/x-data-grid │ ├─ licenses: MIT │ ├─ repository: https://github.com/mui/mui-x │ ├─ publisher: MUI Team │ ├─ path: gravitino/web/node_modules/@mui/x-data-grid │ └─ licenseFile: gravitino/web/node_modules/@mui/x-data-grid/LICENSE

├─ @mui/x-tree-view │ ├─ licenses: MIT │ ├─ repository: https://github.com/mui/mui-x │ ├─ publisher: MUI Team │ ├─ path: gravitino/web/node_modules/@mui/x-tree-view │ └─ licenseFile: gravitino/web/node_modules/@mui/x-tree-view/LICENSE

├─ @reduxjs/toolkit │ ├─ licenses: MIT │ ├─ repository: https://github.com/reduxjs/redux-toolkit │ ├─ publisher: Mark Erikson │ ├─ email: mark@isquaredsoftware.com │ ├─ path: gravitino/web/node_modules/@reduxjs/toolkit │ └─ licenseFile: gravitino/web/node_modules/@reduxjs/toolkit/LICENSE

├─ axios@1.6.2 │ ├─ licenses: MIT │ ├─ repository: https://github.com/axios/axios │ ├─ publisher: Matt Zabriskie │ ├─ path: gravitino/web/node_modules/axios │ └─ licenseFile: gravitino/web/node_modules/axios/LICENSE

├─ chroma-js@2.4.2 │ ├─ licenses: (BSD-3-Clause AND Apache-2.0) │ ├─ repository: https://github.com/gka/chroma.js │ ├─ publisher: Gregor Aisch │ ├─ path: gravitino/web/node_modules/chroma-js │ └─ licenseFile: gravitino/web/node_modules/chroma-js/LICENSE

├─ clsx@2.0.0 │ ├─ licenses: MIT │ ├─ repository: https://github.com/lukeed/clsx │ ├─ publisher: Luke Edwards │ ├─ email: luke.edwards05@gmail.com │ ├─ url: https://lukeed.com │ ├─ path: gravitino/web/node_modules/clsx │ └─ licenseFile: gravitino/web/node_modules/clsx/license

├─ dayjs@1.11.10 │ ├─ licenses: MIT │ ├─ repository: https://github.com/iamkun/dayjs │ ├─ publisher: iamkun │ ├─ path: gravitino/web/node_modules/dayjs │ └─ licenseFile: gravitino/web/node_modules/dayjs/LICENSE

├─ next@14.0.3 │ ├─ licenses: MIT │ ├─ repository: https://github.com/vercel/next.js │ ├─ path: gravitino/web/node_modules/next │ └─ licenseFile: gravitino/web/node_modules/next/license.md

├─ nprogress@0.2.0 │ ├─ licenses: MIT │ ├─ repository: https://github.com/rstacruz/nprogress │ ├─ publisher: Rico Sta. Cruz │ ├─ email: hi@ricostacruz.com │ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/nprogress │ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/nprogress/License.md

├─ react-dom@18.2.0 │ ├─ licenses: MIT │ ├─ repository: https://github.com/facebook/react │ ├─ path: gravitino/web/node_modules/react-dom │ └─ licenseFile: gravitino/web/node_modules/react-dom/LICENSE

├─ react-hook-form@7.48.2 │ ├─ licenses: MIT │ ├─ repository: https://github.com/react-hook-form/react-hook-form │ ├─ email: bluebill1049@hotmail.com │ ├─ path: gravitino/web/node_modules/react-hook-form │ └─ licenseFile: gravitino/web/node_modules/react-hook-form/LICENSE

├─ react-hot-toast@2.4.1 │ ├─ licenses: MIT │ ├─ repository: https://github.com/timolins/react-hot-toast │ ├─ publisher: Timo Lins │ ├─ path: gravitino/web/node_modules/react-hot-toast │ └─ licenseFile: gravitino/web/node_modules/react-hot-toast/LICENSE

├─ react-redux@8.1.3 │ ├─ licenses: MIT │ ├─ repository: https://github.com/reduxjs/react-redux │ ├─ publisher: Dan Abramov │ ├─ email: dan.abramov@me.com │ ├─ url: https://github.com/gaearon │ ├─ path: gravitino/web/node_modules/react-redux │ └─ licenseFile: gravitino/web/node_modules/react-redux/LICENSE.md

├─ react-use@17.4.2 │ ├─ licenses: Unlicense │ ├─ repository: https://github.com/streamich/react-use │ ├─ publisher: @streamich │ ├─ path: gravitino/web/node_modules/react-use │ └─ licenseFile: gravitino/web/node_modules/react-use/LICENSE

├─ react@18.2.0 │ ├─ licenses: MIT │ ├─ repository: https://github.com/facebook/react │ ├─ path: gravitino/web/node_modules/react │ └─ licenseFile: gravitino/web/node_modules/react/LICENSE

├─ redux@4.2.1 │ ├─ licenses: MIT │ ├─ repository: https://github.com/reduxjs/redux │ ├─ path: gravitino/web/node_modules/redux │ └─ licenseFile: gravitino/web/node_modules/redux/LICENSE.md

└─ yup@1.3.2 ├─ licenses: MIT ├─ repository: https://github.com/jquense/yup ├─ publisher: @monasticpanic Jason Quense ├─ path: gravitino/web/node_modules/yup └─ licenseFile: gravitino/web/node_modules/yup/LICENSE.md

justinmclean commented 9 months ago

A grep for some of the licenses shows this list is not complete, so I'm using the full list reported by license-checker -production until we have a definite list.

justinmclean commented 9 months ago

So comparisons can be made here are all the 3rd party production dependencies and their licenses.

all.txt

ch3yne commented 9 months ago

A grep for some of the licenses shows this list is not complete, so I'm using the full list reported by license-checker -production until we have a definite list.

yarn licenses list --productionor license-checker --production commands can list out all the dependencies needed in the development, including nested dependencies. I think these commands is sufficient.

yarn licenses list --production licenses.txt

ch3yne commented 9 months ago

yarn licenses generate-disclaimer running this command will return a sorted list of licenses from all the installed packages to the stdout.

license-details.txt

justinmclean commented 9 months ago

yarn licenses generate-disclaimer running this command will return a sorted list of licenses from all the installed packages to the stdout.

license-details.txt

While helpful, it is not usable as is, as it also includes the txt of incompatible licenses and extra text that should not be included in a license file, e.g. GPL. Some of the software is dual-licensed, and we need to select which license it is under. I think it also also includes licenses used at build time but not in the release.

justinmclean commented 9 months ago

A grep for some of the licenses shows this list is not complete, so I'm using the full list reported by license-checker -production until we have a definite list.

yarn licenses list --productionor license-checker --production commands can list out all the dependencies needed in the development, including nested dependencies. I think these commands is sufficient.

yarn licenses list --production licenses.txt

I think you mean production rather than development.

ch3yne commented 9 months ago

yarn licenses generate-disclaimer running this command will return a sorted list of licenses from all the installed packages to the stdout. license-details.txt

While helpful, it is not usable as is, as it also includes the txt of incompatible licenses and extra text that should not be included in a license file, e.g. GPL. Some of the software is dual-licensed, and we need to select which license it is under. I think it also also includes licenses used at build time but not in the release.

Okay, thanks, I understand now.

ch3yne commented 9 months ago

A grep for some of the licenses shows this list is not complete, so I'm using the full list reported by license-checker -production until we have a definite list.

yarn licenses list --productionor license-checker --production commands can list out all the dependencies needed in the development, including nested dependencies. I think these commands is sufficient. yarn licenses list --production licenses.txt

I think you mean production rather than development.

Apologies, I used the incorrect word.